Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
70 commits
Select commit Hold shift + click to select a range
830ea91
Regenerate the CRL that expired in September 2025
aidangarske Jul 15, 2026
c66c6a7
Refresh the expired certificates embedded in certloadverifybuffer
aidangarske Jul 15, 2026
a7a4dcd
Return 0 from tls servers that returned a wolfSSL_write byte count
aidangarske Jul 15, 2026
485e833
Send a client certificate from client-tls and client-tls13-resume
aidangarske Jul 15, 2026
5c4dd2f
Return 0 from certverify instead of WOLFSSL_SUCCESS
aidangarske Jul 15, 2026
9e9574a
Give the XTS demo key two different halves
aidangarske Jul 15, 2026
506b20b
Exit success after ml_dsa prints its parameter table
aidangarske Jul 15, 2026
43356c3
Report failure from the custom io file client and server
aidangarske Jul 15, 2026
61e9eac
Latch failures across every ecc-params curve lookup
aidangarske Jul 15, 2026
cac73e0
Ignore SIGPIPE in the btle fifo transport
aidangarske Jul 15, 2026
bc816a7
Fix the dtls rw-threads certificate paths
aidangarske Jul 15, 2026
b7744fd
Make runall.sh fail when an example fails
aidangarske Jul 15, 2026
30d71cf
Make openssl-verify.sh actually verify and actually fail
aidangarske Jul 15, 2026
de3622d
Raise the generate_ssl.sh common name length limit
aidangarske Jul 15, 2026
9832cde
Port the PQ examples to the current wolfSSL API
aidangarske Jul 15, 2026
936e879
Return 0 from csr_w_ed25519_example and rsa-public-decrypt-app
aidangarske Jul 15, 2026
d91b1e6
Build the x509_acert openssl example against the right headers
aidangarske Jul 15, 2026
ace0f46
Give the examples Makefiles a consistent wolfSSL prefix
aidangarske Jul 15, 2026
11dcaca
Fix the double free and NULL derefs in the custom io cleanup paths
aidangarske Jul 15, 2026
76ad486
Stop forcing the ESP32 examples to include a developer private config
aidangarske Jul 15, 2026
c26ca56
Add the missing WiFi Kconfig to the DTLS13 station examples
aidangarske Jul 15, 2026
efd3e93
Use XSTRLCPY in client-dtls13 since wolfSSL has no XSTRCPY
aidangarske Jul 15, 2026
390afb2
Make the DTLS13 example ctx static so it stops colliding with libnet8…
aidangarske Jul 15, 2026
9cce2c8
Set SO_REUSEADDR on the tls servers that lacked it
aidangarske Jul 15, 2026
ded004f
Give puf the wolfSSL sources and stop building the IDF 4.4 only ENC28…
aidangarske Jul 15, 2026
66de396
Set SO_REUSEADDR on server-tcp as well
aidangarske Jul 15, 2026
788351a
Exit the can-bus client on EOF and give it real input in CI
aidangarske Jul 15, 2026
0fa0118
Re-arm the select timeout each pass in the nonblocking dtls server
aidangarske Jul 15, 2026
9725ac5
Keep the shared memory BIOs alive until both sides are done
aidangarske Jul 15, 2026
ed260ef
Port the ebpf tracers to the libbpf 1.0 perf_buffer__new signature
aidangarske Jul 15, 2026
b2c13fc
Clone wolfSSL before make builds its graph so uefi-static builds from…
aidangarske Jul 15, 2026
49056be
Raise wolfcryptjni compileSdk to 32 for the BigInteger API its submod…
aidangarske Jul 15, 2026
2b1d906
Link wolfentropy.o and keep wc_port socket helpers out of the UEFI build
aidangarske Jul 15, 2026
29631cb
Track the wolfSSL dilithium.c to wc_mldsa.c rename and drop a stale j…
aidangarske Jul 15, 2026
1aa61a5
Move uefi-library to the wc_MlDsa API after the wolfSSL dilithium rename
aidangarske Jul 15, 2026
df29553
Declare the launcher activity exported, required from API 31
aidangarske Jul 15, 2026
8d3e3ad
Configure wolfSSL before make in the fullstack setup script
aidangarske Jul 15, 2026
d30b5df
Track the wolfSSL io.c to wolfio.c rename in the ndk sample
aidangarske Jul 15, 2026
7be1970
Keep glibc headers out of the freestanding uefi-library build
aidangarske Jul 15, 2026
de5f63d
Track the wolfSSL mlkem.h rename and give RT1060 the SDK name it sele…
aidangarske Jul 15, 2026
58ffb9c
Track the wolfIP struct ll rename and pin wolfIP to its v1.0 release
aidangarske Jul 15, 2026
4f8c02a
Use getaddrinfo in the ndk sample since bionic does not declare getho…
aidangarske Jul 15, 2026
19677c3
Cross compile RT1060 with arm-none-eabi and document the SDK value th…
aidangarske Jul 15, 2026
e6cd02a
Enable wolfIP HTTP so its httpd.h actually declares the API the examp…
aidangarske Jul 15, 2026
e82d9c6
Define HAVE_NETDB_H so wolfio.c includes the header its getaddrinfo p…
aidangarske Jul 15, 2026
e618368
Link pkcs12.o, which RT1060 enables by default and wolfcrypt test calls
aidangarske Jul 15, 2026
5e30a35
Port the ENC28J60 examples to the ESP-IDF 5.x ethernet API
aidangarske Jul 15, 2026
3d7c8e2
Compile dtls.c in the ndk sample, which enables WOLFSSL_DTLS
aidangarske Jul 15, 2026
00c2c17
Define the PHY identifier registers the removed IDF header supplied
aidangarske Jul 15, 2026
8b03333
Compile kdf.c in the ndk sample for the TLS PRF
aidangarske Jul 15, 2026
daef66b
Give RT1060 a current_time so the benchmark stops needing clock_gettime
aidangarske Jul 15, 2026
32b64ff
Port the ENC28J60 PHY to the IDF 5.x autonego_ctrl vtable
aidangarske Jul 15, 2026
5c309ae
Remove the ENC28J60 server's duplicate driver copy that main already …
aidangarske Jul 15, 2026
514937a
Return the DTLS server to accept on close_notify so a resume is heard
aidangarske Jul 16, 2026
4f06c57
Run the C# pq client/server pair under mono
aidangarske Jul 16, 2026
0a369c6
Define WOLFSSL_CERT_REQ so the ndk-gradle app links wolfssljni's X509…
aidangarske Jul 16, 2026
1a6d3b5
Refresh the expired client ECC DER certificate
aidangarske Jul 15, 2026
9129f27
Add CI that builds and runs every example against wolfSSL master and …
aidangarske Jul 16, 2026
34bb451
Sign OCSP staples with a responder intermediate1 actually delegated
aidangarske Jul 16, 2026
b590f6c
Report a failing PKCS#11 example instead of always exiting 0
aidangarske Jul 16, 2026
ce9d34d
Link the PSA library the README's PSA_LIB_PATH names
aidangarske Jul 16, 2026
406db5b
Let jenkins.sh build against a chosen wolfSSL branch
aidangarske Jul 16, 2026
4c245ee
Widen the mynewt pointer prints so they build on a 64 bit native BSP
aidangarske Jul 17, 2026
8e725bf
Test RSA under UEFI with a 2048 bit key so it clears wolfSSL's minimum
aidangarske Jul 17, 2026
7421ae3
Left pad the ECDSA r and s so a leading zero cannot shift the signature
aidangarske Jul 17, 2026
126ee7c
Document the smime and indef flags the pkcs7 examples need
aidangarske Jul 17, 2026
9cfe9f3
Fail ecc-verify when the signature does not verify
aidangarske Jul 17, 2026
cd366cf
Fail ecc-sign when a round produces an invalid signature
aidangarske Jul 17, 2026
207e01b
Fail aesgcm-file-encrypt when its sanity test does not pass
aidangarske Jul 17, 2026
188067d
Check that ML-KEM derives the same shared secret on both sides
aidangarske Jul 17, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions .github/actions/apt-update/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: 'apt update'
description: 'Refresh apt, minus the runner vendor repos we never install from'

runs:
using: composite
steps:
- shell: bash
run: |
set -euo pipefail
# the image ships azure-cli/msprod repos we install nothing from; when they 403 apt fails the whole update
msft=$(grep -rl packages.microsoft.com /etc/apt/sources.list.d/ 2>/dev/null || true)
if [ -n "$msft" ]; then
sudo rm -f $msft
fi
sudo apt-get update -qq
126 changes: 126 additions & 0 deletions .github/actions/setup-wolfssl/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
name: 'Setup wolfSSL'
description: 'Build a wolfSSL profile, install it to /usr/local, and report its sha256'

inputs:
ref:
description: 'wolfSSL git ref (branch, tag, or SHA)'
required: true
default: 'master'
flags:
description: 'configure flags for this profile'
required: true
cflags:
description: 'extra CFLAGS for this profile'
required: false
default: ''

outputs:
sha256:
description: 'sha256 of the installed libwolfssl.so - the identity gate compares against this'
value: ${{ steps.identity.outputs.sha256 }}
resolved-ref:
description: 'the commit SHA the input ref resolved to'
value: ${{ steps.resolve.outputs.sha }}

runs:
using: composite
steps:
# Resolve to a commit SHA so the cache key is stable across a run. Keying on
# a moving branch name lets two jobs in one nightly build different wolfSSLs.
- name: Resolve wolfSSL ref
id: resolve
shell: bash
run: |
ref='${{ inputs.ref }}'
if [[ "$ref" =~ ^[0-9a-f]{40}$ ]]; then
sha="$ref"
else
# An annotated tag resolves to the tag object, not the commit, so ask
# for the peeled ref first and fall back for branches.
sha=$(git ls-remote https://github.com/wolfSSL/wolfssl.git \
"refs/tags/$ref^{}" | cut -f1)
[ -n "$sha" ] || sha=$(git ls-remote \
https://github.com/wolfSSL/wolfssl.git "$ref" | head -n1 | cut -f1)
fi
[ -n "$sha" ] || { echo "could not resolve wolfSSL ref '$ref'"; exit 1; }
echo "sha=$sha" >> "$GITHUB_OUTPUT"
echo "resolved '$ref' -> $sha"
- name: Hash profile config
id: cfg
shell: bash
run: |
printf '%s|%s' '${{ inputs.flags }}' '${{ inputs.cflags }}' \
| sha256sum | cut -c1-16 | sed 's/^/hash=/' >> "$GITHUB_OUTPUT"
# Key on the image, not runner.os: a binary built against a newer glibc must
# not be restored onto an older runner image. ImageOS is set by the hosted
# runner; fall back so a self-hosted or container runner still gets a key.
- name: Compute cache key
id: key
shell: bash
run: |
img="${ImageOS:-$(. /etc/os-release 2>/dev/null && echo "$ID$VERSION_ID" || echo unknown)}"
echo "key=wolfssl-${img}-${{ steps.resolve.outputs.sha }}-${{ steps.cfg.outputs.hash }}-v1" >> "$GITHUB_OUTPUT"
echo "cache key: wolfssl-${img}-${{ steps.resolve.outputs.sha }}-${{ steps.cfg.outputs.hash }}-v1"
- name: Restore wolfSSL install
id: cache
uses: actions/cache@v5
with:
path: ~/wolfssl-install
key: ${{ steps.key.outputs.key }}

- name: Build wolfSSL
if: steps.cache.outputs.cache-hit != 'true'
shell: bash
run: |
set -euo pipefail
rm -rf /tmp/wolfssl && mkdir -p /tmp/wolfssl
cd /tmp/wolfssl
git init -q
git fetch -q --depth 1 https://github.com/wolfSSL/wolfssl.git ${{ steps.resolve.outputs.sha }}
git checkout -q FETCH_HEAD
./autogen.sh
# We need the library, not wolfSSL's own examples and test suite. Those
# also fail to build under some profiles (the `tls` profile died on
# tests/unit.test), and skipping them cuts every build substantially.
./configure --prefix="$HOME/wolfssl-install" \
--disable-examples --disable-crypttests \
${{ inputs.flags }} \
${{ inputs.cflags && format('CFLAGS="{0}"', inputs.cflags) || '' }}
make -j"$(nproc)"
make install
# Every README tells users to build against a wolfSSL at /usr/local, and 5
# host-tier Makefiles have no -I/-L at all. Installing there means CI runs the
# exact command sequence the docs document, with no overrides.
- name: Install to /usr/local
shell: bash
run: |
set -euo pipefail
sudo cp -a "$HOME/wolfssl-install/." /usr/local/
sudo ldconfig
- name: Report cache outcome
shell: bash
run: |
if [ '${{ steps.cache.outputs.cache-hit }}' = 'true' ]; then
echo "wolfSSL restored from cache (no rebuild)"
else
echo "wolfSSL cache MISS -- built from source and saved for later jobs"
fi
- name: Record wolfSSL identity
id: identity
shell: bash
run: |
set -euo pipefail
lib=$(ls /usr/local/lib/libwolfssl.so.*.*.* 2>/dev/null | head -n1 \
|| readlink -f /usr/local/lib/libwolfssl.so)
[ -f "$lib" ] || { echo "no libwolfssl.so installed under /usr/local/lib"; exit 1; }
sha=$(sha256sum "$lib" | cut -d' ' -f1)
echo "sha256=$sha" >> "$GITHUB_OUTPUT"
echo "installed $lib"
echo "sha256 $sha"
/usr/local/bin/wolfssl-config --version 2>/dev/null || true
Loading
Loading